패스워드 생성 변경

src/main/java/com/kamco/cd/kamcoback/auth/BCryptSaltGenerator.java

@@ -1,22 +0,0 @@
-package com.kamco.cd.kamcoback.auth;
-
-import java.security.SecureRandom;
-import java.util.Base64;
-
-public class BCryptSaltGenerator {
-
-  public static String generateSaltWithEmployeeNo(String employeeNo) {
-
-    // bcrypt salt는 16바이트(128비트) 필요
-    byte[] randomBytes = new byte[16];
-    new SecureRandom().nextBytes(randomBytes);
-
-    String base64 = Base64.getEncoder().encodeToString(randomBytes);
-
-    // 사번을 포함 (22자 제한 → 잘라내기)
-    String mixedSalt = (employeeNo + base64).substring(0, 22);
-
-    // bcrypt 포맷에 맞게 구성
-    return "$2a$10$" + mixedSalt;
-  }
-}

src/main/java/com/kamco/cd/kamcoback/common/utils/CommonStringUtils.java

@@ -1,11 +1,12 @@
 package com.kamco.cd.kamcoback.common.utils;
 
-import com.kamco.cd.kamcoback.auth.BCryptSaltGenerator;
 import java.util.regex.Pattern;
 import org.mindrot.jbcrypt.BCrypt;
 
 public class CommonStringUtils {
 
+  private static final int BCRYPT_COST = 10;
+
   /**
    * 영문, 숫자, 특수문자를 모두 포함하여 8~20자 이내의 비밀번호
    *
@@ -22,11 +23,12 @@ public class CommonStringUtils {
    * 패스워드 암호화
    *
    * @param password 암호화 필요한 패스워드
-   * @param employeeNo salt 생성에 필요한 사원번호
    * @return
    */
-  public static String hashPassword(String password, String employeeNo) {
+  public static String hashPassword(String password) {
-    String salt = BCryptSaltGenerator.generateSaltWithEmployeeNo(employeeNo.trim());
+    if (password == null) {
-    return BCrypt.hashpw(password.trim(), salt);
+      throw new IllegalArgumentException("password must not be null");
+    }
+    return BCrypt.hashpw(password.trim(), BCrypt.gensalt(BCRYPT_COST));
   }
 }

src/main/java/com/kamco/cd/kamcoback/postgres/core/MembersCoreService.java

@@ -1,6 +1,5 @@
 package com.kamco.cd.kamcoback.postgres.core;
 
-import com.kamco.cd.kamcoback.auth.BCryptSaltGenerator;
 import com.kamco.cd.kamcoback.common.enums.StatusType;
 import com.kamco.cd.kamcoback.common.enums.error.AuthErrorCode;
 import com.kamco.cd.kamcoback.common.exception.CustomApiException;
@@ -42,10 +41,8 @@ public class MembersCoreService {
       throw new DuplicateMemberException(Field.EMPLOYEE_NO, addReq.getEmployeeNo());
     }
 
-    // salt 생성, 사번이 salt
-    String salt = BCryptSaltGenerator.generateSaltWithEmployeeNo(addReq.getEmployeeNo().trim());
     // 패스워드 암호화, 초기 패스워드 고정
-    String hashedPassword = BCrypt.hashpw(addReq.getPassword(), salt);
+    String hashedPassword = CommonStringUtils.hashPassword(addReq.getPassword());
 
     MemberEntity memberEntity = new MemberEntity();
     memberEntity.setUserId(addReq.getEmployeeNo());
@@ -84,8 +81,7 @@ public class MembersCoreService {
         throw new CustomApiException("WRONG_PASSWORD", HttpStatus.BAD_REQUEST);
       }
 
-      String password =
+      String password = CommonStringUtils.hashPassword(updateReq.getPassword());
-          CommonStringUtils.hashPassword(updateReq.getPassword(), memberEntity.getEmployeeNo());
 
       memberEntity.setStatus(StatusType.PENDING.getId());
       memberEntity.setLoginFailCount(0);
@@ -110,8 +106,7 @@ public class MembersCoreService {
       throw new CustomApiException(AuthErrorCode.LOGIN_PASSWORD_MISMATCH);
     }
 
-    String password =
+    String password = CommonStringUtils.hashPassword(initReq.getNewPassword());
-        CommonStringUtils.hashPassword(initReq.getNewPassword(), memberEntity.getEmployeeNo());
 
     memberEntity.setPassword(password);
     memberEntity.setStatus(StatusType.ACTIVE.getId());